Posted on

CVE-2020-10595

pam-krb5 before 4.9 has a buffer overflow that might cause remote code execution in situations involving supplemental prompting by a Kerberos library. It may overflow a buffer provided by the underlying Kerberos library by a single '\0' byte if an attacker responds to a prompt with an answer of a carefully chosen length. The effect may range from heap corruption to stack corruption depending on the structure of the underlying Kerberos library, with unknown effects but possibly including code execution. This code path is not used for normal authentication, but only when the Kerberos library does supplemental prompting, such as with PKINIT or when using the non-standard no_prompt PAM configuration option.

net-snmp up to 5.7 table_container.c _set_key UDP Packet denial of service

A vulnerability, which was classified as problematic, has been found in net-snmp up to 5.7 (Network Management Software). Affected by this issue is the function _set_key of the file agent/helpers/table_container.c. Upgrading to version 5.8 eliminates this vulnerability. A possible mitigation has been published 3 weeks after the disclosure of the vulnerability.

Adobe Acrobat Reader memory corruption [CVE-2018-15951]

A vulnerability was found in Adobe Acrobat Reader up to 2015.006.30452/2017.011.30102/2018.011.20063 (Document Reader Software). It has been rated as critical. This issue affects an unknown function. Upgrading to version 2015.006.30456, 2017.011.30105 or 2019.008.20071 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.

CVE-2020-10374

A webserver component in Paessler PRTG Network Monitor 19.2.50 to PRTG 20.1.56 allows unauthenticated remote command execution via a crafted POST request or the what parameter of the screenshot function in the Contact Support form.

CVE-2019-9509

The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to reflected XSS in an HTTP POST parameter. The web application does not neutralize user-controllable input before displaying to users in a web page, which could allow a remote attacker authenticated with a user account to execute arbitrary code.

Adobe Acrobat Reader memory corruption [CVE-2018-12853]

A vulnerability was found in Adobe Acrobat Reader up to 2015.006.30452/2017.011.30102/2018.011.20063 (Document Reader Software). It has been classified as critical. This affects an unknown code block. Upgrading to version 2015.006.30456, 2017.011.30105 or 2019.008.20071 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.

CVE-2019-9508

The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to stored XSS. A remote attacker authenticated with an administrator account could store a maliciously named file within the web application that would execute each time a user browsed to the page.

Adobe Acrobat Reader Use-After-Free memory corruption [CVE-2018-12877]

A vulnerability was found in Adobe Acrobat Reader up to 2015.006.30452/2017.011.30102/2018.011.20063 (Document Reader Software) and classified as critical. This issue affects some unknown functionality. Upgrading to version 2015.006.30456, 2017.011.30105 or 2019.008.20071 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.

CVE-2019-9507

The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to command injection because the application incorrectly neutralizes code syntax before executing. Since all commands within the web application are executed as root, this could allow a remote attacker authenticated with an administrator account to execute arbitrary commands as root.

Adobe Acrobat Reader Heap-based memory corruption [CVE-2018-12833]

A vulnerability has been found in Adobe Acrobat Reader up to 2015.006.30452/2017.011.30102/2018.011.20063 (Document Reader Software) and classified as critical. Affected by this vulnerability is some unknown processing. Upgrading to version 2015.006.30456, 2017.011.30105 or 2019.008.20071 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.

CVE-2019-20634

An issue was discovered in Proofpoint Email Protection through 2019-09-08. By collecting scores from Proofpoint email headers, it is possible to build a copy-cat Machine Learning Classification model and extract insights from this model. The insights gathered allow an attacker to craft emails that receive preferable scores, with a goal of delivering malicious emails.